Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
Sonatype Innovators
READ MORE

Sonatype launches customer-focused program, Sonatype innovate

By Maura Harwood on June 17, 2021 News and Views

2 minute read time

Say hello to Sonatype Innovate—a program designed for innovators within the Sonatype community to collaborate, grow and learn from each other.
Read More...
8 Malicious Packages Found in npm
READ MORE

Open source attacks on the rise: Top 8 malicious packages found in npm

By Ax Sharma on June 08, 2021 featured

10 minute read time

We're rounding up the top 8 malicious cyber attacks on npm that Sonatype has discovered with its next-gen open source security and malware detection tool.
Read More...
Dependency Confusion open source attacks explained
READ MORE

Are you still wondering about dependency confusion attacks?

By Luke Mcbride on June 03, 2021 featured

4 minute read time

Despite positive legislation and standards, open source software supply chains remain vulnerable to Dependency Confusion attacks by impersonating legitimate.
Read More...
open source legal compliance with the Advanced Legal Pack
READ MORE

Slaying the dragon of OSS legal compliance With the Advanced Legal Pack

By Dariush Griffin on May 04, 2021 featured

3 minute read time

Open source can come with a plethora of legal obligations. Manual reviews can take hundreds of hours for 1 app. Let The Advanced Legal Packs help.
Read More...
Muse and SAST are highly complementary
READ MORE

Sonatype + Muse: How improved code quality complements enterprise SAST

By Matt Howard on April 29, 2021 SAST

3 minute read time

MuseDev, Sonatype's innovative code analysis platform, is highly complementary to enterprise SAST tools like Fortify that surface a wide breadth of deep.
Read More...
Easy onboarding to Nexus Lifecycle from source control management systems
READ MORE

Onboarding Sonatype Lifecycle through source control (SCM)

By Kevin Miller on April 22, 2021 onboarding

3 minute read time

We're simplifying the Sonatype Lifecycle onboarding process, making it easy to quickly onboard apps from a source control repository such as GitHub, GitLab,.
Read More...
READ MORE

Update to CVE-2019-7238 in Nexus Repository Manager 3

By Brent Kostak on April 12, 2021 Nexus Repository 3

1 minute read time

An article was brought to our attention that suggests a new attack tactic is targeting an old vulnerability in NXRM, CVE-2019-7238.
Read More...
Infrastructure as Code Pack for Nexus Lifecycle
READ MORE

Secure what you build and where you run it: Say hello to the infrastructure as code pack for Sonatype Lifecycle

By Kevin Miller on March 16, 2021 News and Views

4 minute read time

Introducing the Infrastructure as Code Pack for Nexus Lifecycle.
Read More...
Sonatype announces Nexus Container
READ MORE

Understanding Sonatype Container: Five technologies you need for full life cycle container security

By Alexander Dale on March 16, 2021 Container Security

3 minute read time

Say hello to Nexus Container and explore the five technologies you need for full life cycle container security.
Read More...